This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
Re: Fw: Bug in gcc
- To: Steffen Wendzel <garbage-fan at web dot de>
- Subject: Re: Fw: Bug in gcc
- From: Zack Weinberg <zack at codesourcery dot com>
- Date: Wed, 24 Oct 2001 23:12:28 -0700
- Cc: bug-gcc at gnu dot org
- References: <000c01c15d18$ecd90b50$0100a8c0@cdp>
> > > # ls -l
> > > total 597
> > > -rwx------ 1 root wheel 177 Oct 14 01:36 backup
> > > -rwxr-xr-x 1 root wheel 34463 Oct 15 21:15 glw
...
> > > then I compiled the same program in the same directory
> > > as a normal user (the user must have write-access on the
> > > directory !!):
...
> > > And now I can overwrite the glw-exec-file from root with
> > > my normal user !
Any user with write privileges on a directory may create, delete, and
rename files in that directory, whether or not they own the files (as
long as the directory does not have the sticky bit set).

It is common for programs, including GCC, to create files under
temporary names, then rename them what they're supposed to be named.
This prevents anyone from ever seeing a file which is half the old
version and half the new.

Put these two things together and you should see why this apparently
strange behavior is in fact correct and expected.

If you are concerned about local exploits you must make sure that
directories containing trusted files are not writable by unprivileged
users. In fact, you must make sure that no directory in the path
between a trusted file and the root is writable by unprivileged users,
or a hostile user could replace an entire directory.
zw
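
An added example, not part of the original message: a small audit that applies the rule from the reply above, checking every directory between a trusted file and the root. The names `dir_risk` and `audit_path` are hypothetical; it assumes only uid 0 is trusted by default and treats any group or other write bit as unprivileged write access.

```python
import os
import stat
import sys


def dir_risk(mode, uid, trusted_uids=frozenset({0})):
    """Return why a directory lets untrusted users replace its entries, or None."""
    # The owner can always write to (or chmod) the directory.
    if uid not in trusted_uids:
        return f"owned by untrusted uid {uid}"
    writers = [name for bit, name in ((stat.S_IWGRP, "group"),
                                      (stat.S_IWOTH, "other")) if mode & bit]
    # With the sticky bit set, only an entry's owner, the directory's owner
    # or root may delete or rename that entry, so trusted entries stay put.
    if writers and not mode & stat.S_ISVTX:
        return "writable by " + "/".join(writers) + " without sticky bit"
    return None


def audit_path(path, trusted_uids=frozenset({0})):
    """Check each directory from the file's parent up to the root."""
    findings = []
    # Resolve symlinks first so the directories that really hold the file
    # are the ones examined.
    current = os.path.dirname(os.path.realpath(path))
    while True:
        st = os.stat(current)
        reason = dir_risk(st.st_mode, st.st_uid, trusted_uids)
        if reason:
            findings.append((current, reason))
        parent = os.path.dirname(current)
        if parent == current:  # reached the root
            break
        current = parent
    return findings


if __name__ == "__main__":
    for target in sys.argv[1:]:
        for directory, reason in audit_path(target):
            print(f"{target}: {directory} is {reason}")
```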